# Try LocalGovDrupal on AWS
Although I work for an AWS partner, I've always shied away from AWS CloudFormation, their orchestration technology. However, when I got talking to Will here at LocalGovDrupal about reducing the barrier to entry for organisations who want to use the distribution as a starting point, a plan formed. Perhaps the AWS Marketplace would be a good way to allow other councils to find and try out LocalGovDrupal?
The kicker, of course, is that to put something in AWS Marketplace you pretty much need to build it with AWS CloudFormation. CloudFormation basically provides a YAML or JSON formatted means of describing any AWS service so it can be automatically set up and configured, and as a result your infrastructure can be saved in code. There are other products that achieve something similar, for example the popular Terraform from the infrastructure automation people at HashiCorp, not to mention the AWS Ansible modules, both commercially maintained and community developed. After some search engine pounding I fell upon the AWS Reference Architecture project for Highly Available Drupal in their `aws-samples` repository on GitHub. It's pretty out of date, but nice and complete, even with DNS handling and SSL and CDN configuration right out of the box. It has issues though:
- It's really old! So it's using an old version of Drupal, an old version of Amazon Linux, even an old PHP version (7.0), so all that needed updating
- It doesn't actually make any effort to handle installing Drupal, in spite of build parameters that imply it does
- LocalGovDrupal installs with `composer`, but the provided `install_drupal` script assumes you can just unpack a downloaded archive
- All the instance types are previous generation
- It doesn't work in AWS regions that weren't yet supporting all the necessary products when it was made (crucially, including London)
So more work than I intended to do - I could've just packed an Amazon Machine Image (AMI) and had done with it, but I decided I wanted to bring this reference architecture into 2021 so I could learn more about CloudFormation and also create a potentially useful "production release" Marketplace product. All the changes I had to make are recorded in a pull request on GitHub for posterity.
But in essence, here's how it works:
The master template defines all the parameters CloudFormation needs the end customer to enter in order to build the infrastructure and install Drupal. Then for each required element it loads in a `Resource` sub-template that does the actual creation of that element. All the resource templates are in our repository, but also on AWS S3 for public use. The order is set using `DependsOn` in the master template. Because the `newvpc` resource has no dependencies it naturally gets built first; everything else depends on it because it builds a new Virtual Private Cloud (VPC) - a standalone virtual network at AWS. Once that is built and our new network is in place, it moves on to the `securitygroups` resource, which orchestrates the creation of the virtual firewalls separating the various bits of infrastructure from each other and the outside world.
After that, there's a whole bunch of infra we can build at once, because it all `DependsOn` the VPC and the Security Groups (SGs) existing. So next comes (in no particular order, CloudFormation can build them asynchronously) the:
- `bastion` resource - an AWS Auto Scaling Group (ASG) for EC2, which creates a server to use as a jumping-off point for SSH to the web server cluster, if needed
- `efs` resource - for mountable network disk
- `publicalb` resource - to create our load balancer which will sit in front of our web servers
There are a few other resources that depend on the VPC and the SGs, but which also have their own special extra dependencies, namely the:
- `elasticache` resource - this runs up an ElastiCache cluster for Drupal caching via memcached, but it has an extra dependency - it's optional on the user entry form, so if it isn't selected it isn't built
- `rdscluster` resource - creates an AWS Aurora (their MySQL flavour) database cluster - the only option in the reference architecture, but I altered this to offer the choice of an:
  - `rdsinstance` resource - which creates a standalone MariaDB instance in a single or multiple availability zones; a single-AZ instance (effectively a single database server) or even a highly available multi-AZ instance is cheaper to operate than a full Aurora cluster!
Once that stuff is all up, CloudFormation can create the ASG for the web servers. This is similar to the `bastion` resource, except it has a few extras. It needs to:
- install PHP and dependencies for LocalGovDrupal
- install Apache
- install Drupal using `drush si` (the site install command)
This all happens via a `cloud-init` script, which is described in the YAML file of the `web` template and is built and executed by the wrapper AWS have created, called `cfn` (shorthand for CloudFormation).
Once that's done, it's all over bar the shouting. You might have to wait 15 minutes or so to actually see Drupal, because the `composer install` and the `drush si` take quite a bit of time, but if you log in to your AWS console and go to EC2 and Load Balancers you'll see your new load balancer, and there should be a Drupal website on its URL.
There are just two more resources in the master template we haven't loaded in yet, `route53`. These are both options on the form, but if selected, and once the `web` template has successfully built its ASG, these templates will be executed. One creates a DNS record for the new Drupal website (but only if you're using AWS Route 53 for DNS services, of course). The other puts the CloudFront CDN in front of your load balancer, for better performance, SSL as standard and DDoS protection (which I recommend - it's not even expensive).
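The build order described above can be worked out from the `DependsOn` relationships alone. As an added example (not code from the project's repository), this Python sketch models the master template as a constructed dictionary and groups the resources into waves that could be built in parallel; the form-option names and the `cdn` resource name are placeholders, and dropping edges to deselected optional resources is an assumption of the sketch.

```python
from graphlib import TopologicalSorter

# Constructed model of the master template described above:
# resource name -> (DependsOn list, optional form parameter or None).
# "cdn" and the use_* option names are placeholders, not the project's names.
BASE = ["newvpc", "securitygroups"]
MASTER = {
    "newvpc":         ([], None),
    "securitygroups": (["newvpc"], None),
    "bastion":        (BASE, None),
    "efs":            (BASE, None),
    "publicalb":      (BASE, None),
    "elasticache":    (BASE, "use_elasticache"),
    "rdscluster":     (BASE, "use_aurora"),
    "rdsinstance":    (BASE, "use_mariadb"),
    "web":            (["bastion", "efs", "publicalb", "elasticache",
                        "rdscluster", "rdsinstance"], None),
    "route53":        (["web"], "use_route53"),
    "cdn":            (["web"], "use_cdn"),
}


def build_waves(template, params):
    """Return lists of resources that can be created in parallel, in order."""
    # Keep unconditional resources and optional ones ticked on the form.
    selected = {name for name, (_, option) in template.items()
                if option is None or params.get(option, False)}
    graph = {}
    for name in selected:
        deps = template[name][0]
        unknown = [d for d in deps if d not in template]
        if unknown:
            raise ValueError(f"{name} depends on undefined resource(s): {unknown}")
        # Assumption of this sketch: edges to deselected resources are dropped.
        graph[name] = {d for d in deps if d in selected}
    sorter = TopologicalSorter(graph)
    sorter.prepare()  # raises graphlib.CycleError on a circular DependsOn
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves


if __name__ == "__main__":
    options = {"use_mariadb": True, "use_route53": True}
    for number, wave in enumerate(build_waves(MASTER, options), 1):
        print(number, wave)
```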
And that's the stack! Once it's all up, you'll find a vanilla LocalGovDrupal waiting for you to play with it.
Is it in the Marketplace? No, not yet - we're not sure how/who should do this, it needs to be discussed. Can you use it? Yes! The good news is all you need is an active AWS account and you can have at it! Just go to this project on GitHub and click on Launch Stack next to the region you want to use, fill in the form and off it will go!
I will continue to develop this, add more `composer` options, an option to load in the demo content project, and so on. Do keep an eye on the repository. Any issues, let me know via the GitHub issue queue for the project.